Browse Month

April 2011

IP phone web interface security

Security of IP telephony systems is a hot topic at the moment, it has been for quite some time and is should always be at the forefront of anyone’s mind when setting up such a system.

There are loads of methods and applications for securing PBXs and the like but something I often see overlooked is security of the actual phones themselves.

The usual threat is someone obtaining SIP credentials by looking at the phone’s web interface. In some cases, IP phone devices have the password displayed in plain-text for all to see. Slightly better implemented GUIs have the password obfuscated when you look at the page but still readable by viewing the page source code in your web browser.

If ProVu ever become aware of any products we sell with either of these issues, we push the manufacturer make changes to hide the password at all times.

Further to this though, anyone installing IP phones should really set strong web interface usernames and passwords. I see phones put on public IP addresses or sometimes with port forwards (often for support purposes) that have no passwords set! This is like leaving the front door to your house wide open while you go out to work all day. Please remember to set a username and password. If a phone comes with a default username and password then do not leave this set as you can be certain the people who want to break into your phone will know default passwords for various phones.

ProVu can set usernames and passwords for phones using our provisioning services:

ProVu fulfilment services

cheers,
Paul.

Draytek 2820 known issue with current firmware

Over the last few weeks we have been taking lots of support calls from people with NAT issues with phones using Draytek routers.

The 2820 seems to be the main router affected but it could be others.

The problem manifests itself with SIP phones losing Registration to the SIP server with 408 time-out messages. In most cases it is weird in that some phones on the network will work fine and others wont.

The fix (which is confirmed by Draytek themselves to a couple of my customers) is to downgrade to firmware version “333”.

This problem occurs even if you have the SIP ALG turned off. Please ensure the ALG is off as this can cause even more problems, it is usually off by default these days.

As a side note, please make sure you are not using a Draytek router with “voip” ports, the model number will usually have a “v” in it. These are not suitable for use with stand-alone SIP phones connected to the network, they are only use if you are ONLY using the built-in VoIP ports. There is no fix other than swapping the router out as far as I’m aware.

cheers,
Paul.

End of an Era – last Snom360

Today ProVu shipped the last black Snom 360.

<%ThickBox(http://www.provu.co.uk/products/snom/PVSnom360/PVSnom360-medium.jpg|)%>

We first shipped this product in March 2005, giving a product life of 6 years.

Snom360 was probably the first really good VoIP phone, with a decent DSP and handset to match. It has lived through 6 major versions of Snom firmware.

The product has been on notice of withdrawal for around a year. It has still sold strongly, but we have finally run out. The range is a little crowded with snom320 just below and snom370 just above.

If you do still want a Snom360, we have 5 white units still in stock – first come first served.

For alternatives, then buy a Snom320 or a Snom370

SnomONE and Voipfone

I’ve just diagnosed an issue a customer had getting a Voipfone SIP trunk Registered on a SnomONE PBX.

The trick to getting this to work is:

    • Turn on long SIP headers. Go to the admin, general settings page and set “Use Short SIP Headers” to “long”

 

    • If you are using IP access control then you need to enable the IP range 195.189.172.1 – 195.189.173.254 to ensure Voipfone will work

 

SnomOne more info